Black Hat 2015: IoT devices can become transmitters to steal data

It’s possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks, a researcher tells the Black Hat 2015 conference.

By rapidly turning on and off the outputs from I/O pins on chips within the printer, it’s possible to generate a signal strong enough to pass through a concrete wall and beyond to a receiver, says Ang Cui, a researcher who works at Red Balloon Security and did the research at Columbia University.

The signal was sent down the printer cable connected to the pins that was long enough to serve as an effective antenna. He called the resultant system Funtenna.

He showed a demonstration of Funtenna on an inexpensive Pantum printer, sending the message: “The sky above the port was the color of television tuned to a dead channelllllll,” a line from the William Gibson hacker novel Neuromancer.

The implications of Funtenna is that similar exploits could be carried out against other inexpensive devices that have little security – a rough description of the IoT, he says. The manipulation of power to the pins causes capacitors in the attached universal asynchronous receiver/transmitter (UART) chips to “hum and vibrate”, Cui says, generating radio-frequency emanations. UART hardware translates serial data to parallel data and, importantly, they are configurable, he says. He says he believes his method will work on all UART chips made.

He demonstrated the signal being picked up by a standard handheld ham radio receiver.

He wrote simple code to create a readable message from the emanations using long and short signals as 0s and 1s. To be an effective tool for stealing data, the message would have to be formatted by another device and sent to the compromised machine.

Cui’s work is an extension of hacks done earlier, in which devices with other legitimate functions are turned into transmitters. It’s an effective means of stealing data because defenders don’t think to look for the traffic. “The attacker uses something the defender can’t readily monitor,” he says.